Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,646
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 9,381 - 9,400 of 14,047 CVEs
CVE-2026-33042 MEDIUM - 5.3

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.29 and 8.6.49, a user can sign up without providing credentials by sending an empty `authData` object, bypassing the username and password requirement. This allows the creatio...

Vendor: npm
Product: parse-server
Published: Mar 17, 2026
Source: GitHub
CVE-2026-33041 MEDIUM - 5.3

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password cr...

Vendor: composer
Product: wwbn/avideo
Published: Mar 17, 2026
Source: GitHub
CVE-2026-33022 MEDIUM - 6.5

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can create a TaskRun or Pipel...

Vendor: go
Product: github.com/tektoncd/pipeline
Published: Mar 17, 2026
Source: GitHub

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)β€”and thus the same key ma...

Vendor: go
Product: github.com/tillitis/tkeyclient
Published: Mar 17, 2026
Source: GitHub
CVE-2026-25790 MEDIUM - 4.9

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder (`wazuh-analysisd`). The use of `sprintf` with a flo...

Vendor: wazuh
Product: wazuh
Published: Mar 17, 2026
Source: NVD
CVE-2026-25772 MEDIUM - 4.9

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic...

Vendor: wazuh
Product: wazuh
Published: Mar 17, 2026
Source: NVD
CVE-2026-25771 MEDIUM - 5.3

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous even...

Vendor: wazuh
Product: wazuh
Published: Mar 17, 2026
Source: NVD
CVE-2026-22882 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2026-20726 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-66633 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-66617 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-66503 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-66042 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-66000 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-65119 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-64776 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-64735 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-64733 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-62500 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD
CVE-2025-62403 MEDIUM - 6.1

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Vendor: Canva
Product: Affinity
Published: Mar 17, 2026
Source: NVD